From eb146d92015e3bfe7b2fad68dd4b8c29542a31b3 Mon Sep 17 00:00:00 2001
From: Michael Save
Date: Mon, 27 Aug 2012 21:45:05 +1000
Subject: [PATCH] properly tie auth cookies to private salt
---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 6e2d3d1e..6144a17d 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -21,7 +21,7 @@ function mkhash($username, $password, $salt = false) {
 }
 // generate hash (method is not important as long as it's strong)
- $hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
+ $hash = substr(base64_encode(md5($username . $config['cookies']['salt'] . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
 if (isset($generated_salt)) return Array($hash, $salt);
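Review bot: The new `$hash` line mixes `$config['cookies']['salt']` into MD5 by plain concatenation, and nothing visible here checks that the salt is set: with an empty value the expression is identical to the removed one, so the cookie value again depends only on the function's arguments (plus the client IP when `lock_ip` is on). A keyed HMAC is the standard construction for binding a value to a server secret and also lets the fields be delimited, for example `$hash = substr(base64_encode(hash_hmac('sha256', $username . "\0" . $password . "\0" . $salt . "\0" . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), $config['cookies']['salt'], true)), 0, 20);`. I would also make the function refuse to produce a hash when the salt is empty, and update the comment above the line, since "method is not important" no longer describes a value whose strength rests on the secret key. mkhash() starts and ends outside the hunk, so how `$config` is brought into scope and how the cookie is compared against this value (ideally with a constant-time comparison) could not be checked here.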